ARTICLE
7 October 2015

Industry Healthcheck: Current Landscape

McMillan LLP

Canada Insurance

Introduction

Insurers in Canada are required to implement a system of enterprise-wide risk management that identifies the inherent risks in their activities and manages those risks to appropriately defined levels. Regulatory reforms that address risk management of insurers and other financial institutions have dominated the landscape in Canada over the past few years. Recent initiatives put into place by Canada's federal insurance regulator include:

  • a revised guideline on corporate governance;
  • a revised guideline on regulatory compliance management;
  • a new guideline on own risk and solvency assessment; and
  • a new guideline on operational risk management.

Revised guideline on corporate governance

The revised guideline on corporate governance requires, among other things:

  • a board-approved risk appetite framework;
  • hands-on involvement by senior managers in risk management policies and practices and dedicated board oversight;
  • in appropriate circumstances, the establishment of a dedicated risk committee; and
  • the appointment of a chief risk officer with unfettered access and a functional reporting line directly to the board or risk committee.

The corporate governance guideline applies to domestic insurers only because significant responsibility is placed on the board of directors as the ultimate oversight function. Branch operations do not have local boards of directors.

Revised guideline on regulatory compliance management

The guideline on regulatory compliance management is a revision of the prior guideline on legislative compliance management and communicates the regulator's expectations with respect to the management of regulatory compliance risk by insurers. The guideline makes the board of directors – or chief agent, in the case of a branch operation of a foreign company – ultimately responsible for effective enterprise-wide regulatory compliance management and mandates a chief compliance officer. Internal audit (or another independent review function) is required to validate the effectiveness of, and adherence to, the insurer's compliance framework through regular risk-based testing.

New guideline on own risk and solvency assessment

The new guideline on own risk and solvency assessment (ORSA) outlines the regulator's expectations with respect to the insurer's own assessment of its risks, capital needs and solvency position, and the setting of internal targets based on the insurer's ORSA. The ORSA guideline also addresses:

  • the scope of the ORSA;
  • its relation to enterprise risk management;
  • the role of the board, senior management and other participants in performing, monitoring, reporting or reviewing the ORSA; and
  • other key elements of the assessment process.

New guideline on operational risk management

The new guideline on operational risk management is designed to complement the above-noted guidance in order to round out an insurer's overall risk management systems and culture. The Office of the Superintendent of Financial Institutions (OSFI) expects each insurer to implement policies and procedures for operational risk management as part of its enterprise-wide, board-approved risk appetite framework. OSFI recommends that an insurer's methodology of operational risk management should follow the 'three lines of defence' model for establishing and independently assessing the insurer's processes:

  • the business line, which plans, directs and controls day-to-day operations;
  • an oversight function (eg, compliance and/or legal); and
  • an independent review and assessment by internal audit.

Similar to the corporate governance guideline, the guideline on operational risk management applies only to domestically incorporated insurers.

Originally published by International Law Office

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2015
